Description

Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not consider "don't send" attributes during hub registration, which allows remote hubs to obtain sensitive site information by reading form data.

Remediation

References

CVE-2013-2081

Related Vulnerabilities

Java Unspesificed Vulnerability (CVE-2019-2816)

Jenkins Insufficient Session Expiration Vulnerability (CVE-2019-1003004)

MediaWiki Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2020-25827)

WordPress Plugin LearnPress-WordPress LMS Cross-Site Request Forgery (3.2.7.2)

GlassFish CVE-2016-5528 Vulnerability (CVE-2016-5528)

Severity

Medium

Classification

CVE-2013-2081 CWE-264

Tags

Missing Update Known Vulnerabilities